Vulnerabilities > CVE-2006-1144 - Cross-Site Scripting vulnerability in David Ravenscroft Hithost 1.0.0

047910
CVSS 2.6 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
high complexity
david-ravenscroft
exploit available

Summary

Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via (1) the user parameter in deleteuser.php and (2) the hits parameter in viewuser.php.

Vulnerable Configurations

Part Description Count
Application
David_Ravenscroft
1

Exploit-Db

  • descriptionHitHost 1.0 deleteuser.php user Parameter XSS. CVE-2006-1144. Webapps exploit for php platform
    idEDB-ID:27371
    last seen2016-02-03
    modified2006-03-06
    published2006-03-06
    reporterRetard
    sourcehttps://www.exploit-db.com/download/27371/
    titleHitHost 1.0 deleteuser.php user Parameter XSS
  • descriptionHitHost 1.0 viewuser.php hits Parameter XSS. CVE-2006-1144. Webapps exploit for php platform
    idEDB-ID:27372
    last seen2016-02-03
    modified2006-03-06
    published2006-03-06
    reporterRetard
    sourcehttps://www.exploit-db.com/download/27372/
    titleHitHost 1.0 viewuser.php hits Parameter XSS